Azure P2S First sign in domain controllers not found

Derek Cross 0 Reputation points
2024-03-20T09:32:51.74+00:00

We push Azure P2s device config via Intune.

I can see the "tunnel" applied in rasphone and in intune we have a certificate connector which is working.

We are currently using user based AOVPN windows and also Fortinet Client. The AOVPN is used for daily remote working and the Fortinet is used only for remote intune devices at the very first time of login after the laptop rebuilt for either an issue or new user.

Is it possible to get Azure P2S working before first login with no LAN connectivity?

The config is pushed from Intune and we have certificate connector pushing the device P2S cert and also our companies root cert. If i use fortinet to sign in ...from them P2S works but not until then and i'd like to remove Fortinet completely.

Appreciate any help/guidance.

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,461 questions
{count} votes

1 answer

Sort by: Most helpful
  1. GitaraniSharma-MSFT 49,401 Reputation points Microsoft Employee
    2024-03-20T10:53:20.16+00:00

    Hello @Derek Cross ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    If I understand correctly, you would like to setup Always On VPN connections using Azure VPN which can connect to specified VPN servers before users sign in to the device. Please confirm if my understanding is correct.

    Always On VPN connection provides Device tunnel which connects to specified VPN servers before users sign in to the device. Pre-sign-in connectivity scenarios and device management use a device tunnel.

    Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-always-on-device-tunnel

    User's image

    Unlike user tunnel, which only connects after a user logs on to the device or machine, device tunnel allows the VPN to establish connectivity before the user logs on.

    Device tunnel can only be configured on domain-joined devices running Windows 10 Enterprise or Education version 1709 or later. There is no support for third-party control of the device tunnel. If only a Device Tunnel is used on a system, you can configure a Name Resolution Policy table (NRPT). If a User Tunnel and a Device Tunnel are used on a system, you can use the Name Resolution Policy table (NRPT) only on the User Tunnel. Device tunnel does not support Force tunnel. You must configure it as Split tunnel.

    Is it possible to get Azure P2S working before first login with no LAN connectivity?

    I'm not sure if I understand this particular query. When you say no LAN connectivity, what are you referring to here?

    Always ON VPN connection will work as long as there is network connectivity.

    User's image

    Refer: https://learn.microsoft.com/en-us/windows-server/remote/remote-access/vpn/vpn-device-tunnel-config

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please don’t forget to "Accept the answer" wherever the information provided helps you, this can be beneficial to other community members.

    0 comments No comments